

Role of the Smkeydatabase at the Relying Party

At the relying party, the smkeydatabase is used for SAML 1.x and SAML 2.0 artifact single sign-on.

For SAML 1.x and SAML 2.0 artifact protocol, the relying party sends a request for the assertion to the Assertion Retrieval Service (SAML 1.x) or the Artifact Resolution Service (SAML 2.0). These services retrieve the assertion from the asserting party, which then returns the assertion to the relying party over a back channel.

It is recommended that you protect these services from unauthorized access. To secure the Assertion Retrieval or Artifact Resolution Service, use one of the following authentication methods:

For any of these authentication methods, the smkeydatabase at the relying party must be configured correctly so it can communicate with the Assertion Retrieval Service or Artifact Resolution Service in a secure manner.

If the connection between the two entities is an SSL connection, the smkeydatabase at the relying party must contain the Certificate Authority (CA) certificate that issued the asserting party's server certificate, so that the relying party can verify and trust that server certificate. If an X.509 client certificate is required to establish the connection, the smkeydatabase at the relying party must also contain the client certificate (together with its private key) that it presents to the asserting party.
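The two trust requirements just described, shown as an added example that is not part of the product documentation and does not use the smkeydatabase tooling: the script uses OpenSSL to build a throwaway CA and a server certificate for an Artifact Resolution Service (all names and hostnames are constructed), then shows that the server certificate verifies only when the issuing CA certificate is present in the trust store, and how to confirm that a client certificate and its private key belong together before loading them.

```shell
#!/bin/sh
# Added example, not CA SiteMinder code. Demonstrates with OpenSSL the checks
# behind "the relying party must hold the CA certificate for the asserting
# party's server certificate" and "must hold the client certificate".
# All subject names below are constructed for the example.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# 1. A throwaway CA standing in for the CA that issued the asserting party's
#    server certificate.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
  -subj "/CN=Example Asserting-Party CA" \
  -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null

# 2. A server certificate for the Artifact Resolution Service, signed by that CA.
openssl req -newkey rsa:2048 -nodes \
  -subj "/CN=artifact.asserting-party.example" \
  -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
openssl x509 -req -in "$WORK/server.csr" \
  -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
  -days 1 -out "$WORK/server.crt" 2>/dev/null

# 3. An unrelated CA, to show that a trust store holding the wrong CA
#    certificate rejects the server certificate.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
  -subj "/CN=Unrelated CA" \
  -keyout "$WORK/other.key" -out "$WORK/other.crt" 2>/dev/null

# verify_server_cert TRUSTSTORE CERT
# Returns 0 only if CERT chains to a CA certificate contained in TRUSTSTORE,
# which is exactly what the relying party's SSL client does at connect time.
verify_server_cert() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# client_key_matches_cert KEY CERT
# Returns 0 if the private key KEY belongs to the certificate CERT, by
# comparing the DER-encoded public keys derived from each. Run this before
# importing a client certificate and key pair into any key store.
client_key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout -outform DER 2>/dev/null | openssl sha256)
  c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null \
      | openssl pkey -pubin -pubout -outform DER 2>/dev/null | openssl sha256)
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demonstration: the right CA is trusted, the wrong CA is not, and the
# server key/certificate pair is consistent.
verify_server_cert "$WORK/ca.crt" "$WORK/server.crt" && echo "chains to issuing CA: ok"
verify_server_cert "$WORK/other.crt" "$WORK/server.crt" || echo "unrelated CA rejected: ok"
client_key_matches_cert "$WORK/server.key" "$WORK/server.crt" && echo "key matches certificate: ok"
```

The same two functions apply unchanged to real material: point `verify_server_cert` at the CA certificate you intend to import and at the server certificate the asserting party presents, and run `client_key_matches_cert` on the client certificate and key before adding them, so that a mismatched pair is caught before the back-channel connection fails.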